Techdirt. Stories filed under "fisa"Easily digestible tech news...https://www.techdirt.com/
en-usTechdirt. Stories filed under "fisa"https://ii.techdirt.com/s/t/i/td-88x31.gifhttps://www.techdirt.com/Thu, 26 Mar 2015 11:33:38 PDTBill Introduced To Repeal Patriot Act And Prevent The Government From Demanding Encryption BackdoorsTim Cushinghttps://www.techdirt.com/articles/20150325/15135130430/bill-introduced-to-repeal-patriot-act-prevent-government-demanding-encryption-backdoors.shtml
https://www.techdirt.com/articles/20150325/15135130430/bill-introduced-to-repeal-patriot-act-prevent-government-demanding-encryption-backdoors.shtml
Since the Snowden leaks began, there have been several efforts made -- legislative and administrative -- in response to the exposure of the NSA's domestic surveillance programs. Some have been real fixes. Some have been fake fixes. Others have targeted the thing the NSA desires even more than seemingly limitless access to data from all over the world: funding.

The bill would completely repeal the Patriot Act, the sweeping national security law passed in the days after Sept. 11, 2001, as well as the 2008 FISA Amendments Act, another spying law that the NSA has used to justify collecting vast swaths of people's communications through the Internet.

If anything's due for a complete revamp, if not a complete repeal, it's the Patriot Act. It wasn't even good legislation back when it was passed. At best, it was "timely," which is a term that gives the rushed, secretive, knee-jerk legislation far more credit than it deserves. Pocan and Massie's (the latter of which has just introduced a new phone-unlocking bill with Rep. Zoe Lofgren to replace the bad one passed by the House in 2014) "Surveillance State Repeal Act" doesn't waste any time "tinkering around the edges."

Not only would the bill repeal the law, it would reset anything (amendments/additional government powers) brought into force by the Patriot Act and the FISA Amendments Act of 2008. On top of that, it would demand the immediate deletion of tons of data from the NSA's collections.

DESTRUCTION OF CERTAIN INFORMATION.—The Director of National Intelligence and the Attorney General shall destroy any information collected under the USA PATRIOT Act (Public Law 107-56) and the amendments made by such Act, as in effect the day before the date of the enactment of this Act, concerning a United States person that is not related to an investigation that is actively ongoing on such date.

The bill, oddly, also describes a path towards FISA Judge For Life positions.

TERMS; REAPPOINTMENT.—Section 103(d) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1803(d)) is amended— (1) by striking ‘‘maximum of seven’’ and inserting ‘‘maximum of ten’’; and (2) by striking ‘‘and shall not be eligible for re-designation’’.

Which is fine (not really) if you like the judges already appointed. But this is the sort of thing that leads to the permanent appointment of judges favored by either side of the surveillance question. And so far, presidential administrations have come down in favor of domestic surveillance. Removing the term limits just encourages the appointment of permanent NSA rubber stamps.

The bill creates a warrant requirement for the acquisition of US persons' data under the FISA Amendments Act and Executive Order 12333. It also expressly forbids a government mandate for encryption backdoors, although the first sentence of this section seems to be a rather large loophole.

Notwithstanding any other provision of law, the Federal Government shall not mandate that the manufacturer of an electronic device or software for an electronic device build into such device or software a mechanism that allows the Federal Government to bypass the encryption or privacy technology of such device or software.

If this bill somehow manages to pass a round or two of scrutiny, language tweaks will certainly be requested -- possibly leading to a complete subversion of the bill's intent. But that's a huge "if." Very few legislators have the stomach to gut the Patriot Act or the FISA Amendments Act. Many will be happy to entertain smaller fixes, but most won't be willing to essentially strip the NSA of its domestic surveillance powers. No one wants to be the "yea" vote that's pointed to in the wake of a terrorist attack and only a few more are actually willing to go head-to-head with the intelligence agency.

Permalink | Comments | Email This Story
]]>a-legislator-can-dream,-can't-he?https://www.techdirt.com/comment_rss.php?sid=20150325/15135130430Mon, 2 Mar 2015 05:54:00 PSTLate Friday, White House Announces That FISA Court Has Rubberstamped NSA Phone Record Collection, While Insisting It Wants ReformMike Masnickhttps://www.techdirt.com/articles/20150228/07025430169/late-friday-white-house-announces-that-fisa-court-has-rubberstamped-nsa-phone-record-collection-while-insisting-it-wants-reform.shtml
https://www.techdirt.com/articles/20150228/07025430169/late-friday-white-house-announces-that-fisa-court-has-rubberstamped-nsa-phone-record-collection-while-insisting-it-wants-reform.shtmlgotten a rubberstamp approval from the FISA Court for the NSA to collect in bulk basically all your phone records. As you probably know, this is just the latest in a long series of reapprovals by the FISA Court, which needs to reauthorize the program for limited periods of time each time the previous rubber stamp "expires." What hasn't made much sense in all of this is that President Obama announced a year ago that he wanted to end the bulk collection program, and as many people pointed out, there was an easy way to do so: just don't ask the FISA Court to renew the authority. But, rather than do that, the administration just keeps on asking (and getting) approval.

The excuse given in the released statement is that the White House wants Congress to force its hand to stop asking:

As the White House said [link to WH statement], the Administration welcomes the opportunity to work with the new Congress to implement the changes the President has called for. Given that legislation has not yet been enacted, and given the importance of maintaining the capabilities of the telephony metadata program, the government has sought a reauthorization of the existing program, as modified by the changes the President directed in January.

And, yes, the official announcement says "[link to WH statement]" -- because, hey, they're posting on Friday evening and might as well start the drinking early or something. It's not like this stuff matters. The rest of that claim is similarly misleading. The metadata program has not been shown to be important in any way. In fact, basically everyone who has looked at it from outside the intelligence community, including two separate government review bodies has admitted that there aren't any examples of the program actually being useful. So, it's hard to see what's so "important" about it.

But, really, this is all ridiculous. This is the same White House that is getting criticized all over the place for a variety of moves to take "executive action" where Congress is deadlocked. And, yet, here's a situation where literally the White House has all the power in the world to stop the program it claims it wants stopped -- and it says it needs Congress to act? That's not even close to believable.

The one "noteworthy" aspect to this latest rubberstamping is the end date. The newly approved authority runs until June 1, 2015, which is the date at which Section 215 of the PATRIOT Act sunsets and would no longer be law. This program exists under Section 215, so the government can't continue to collect those phone records after June 1, unless something happens. That "something" is the renewal of Section 215, and you better believe that the next few months are going to be a full on fight by the intelligence community and its supporters to spread as much fear as possible about why this program absolutely must be renewed. As you hear the scare stories, just remember that despite using this program for almost a decade there still isn't a single example of it being useful.

Permalink | Comments | Email This Story
]]>uh-huhhttps://www.techdirt.com/comment_rss.php?sid=20150228/07025430169Tue, 3 Feb 2015 01:13:32 PSTFISA Court Rubberstamped NSA's Questionable Legal Theories To Grant It Expanded Surveillance PowersTim Cushinghttps://www.techdirt.com/articles/20150128/13484029843/new-nsa-documents-show-fisa-court-buying-agencys-questionable-legal-theories-order-to-grant-it-expanded-surveillance-powers.shtml
https://www.techdirt.com/articles/20150128/13484029843/new-nsa-documents-show-fisa-court-buying-agencys-questionable-legal-theories-order-to-grant-it-expanded-surveillance-powers.shtmlthanks to a New York Times FOIA lawsuit. The documents are from 2007, and they further detail the agency's warrantless surveillance program which swept up not only phone numbers but also email addresses and content. The program wasn't actually legal at the time it rolled out. It took the FISA Amendments Act of 2008 to codify this. In the meantime, the agency used interim legislation (2007's Protect America Act) and some hubris to enhance its haystacking business.

The previously-released FISA order from April of 2007 contains a rare moment of hesitation by a FISA judge (Roger Vinson), who didn't buy the NSA's arguments that a phone number or email address could be a "facility" in and of itself. Rather than use the standard definition of a "facility" -- that being a base of operations -- the NSA chose to read it as an impossible combination of noun and verb. An email address is a "facility" because it "facilitates communications." Vinson wasn't too impressed with this, or the fact that the application didn't contain much in the way of probable cause. As he noted, the NSA's intention was to collect both sets of data in bulk, far from the targeted surveillance it attempted to portray in its application.

The May 2007 order (also by Roger Vinson) shows that the NSA found a way to get its aims accomplished, despite Vinson's reluctance. A "new legal theory" was offered by the agency in an amended application and buttressed by Keith Alexander's declaration that it was all totally legal.

Unfortunately, the order doesn't detail the NSA's legal theory, or at least not in any visible way. Vinson's musings on the NSA's Plan B turns out to be a bunch of wasted typing. His declaration that on the "basis of facts submitted by the applicant, there is probable cause to believe that...:" is followed by four completely redacted pages.

Following that, Vinson authorizes the NSA's "roving, multipoint" surveillance, based on the opinion that Congress would have authorized that (and apparently pretty much anything else it may or may not have conceived of) considering the "Government's national security interests are so great." This rationale again. And again, presented by an agency whose livelihood depends on the depiction of security threats as perennially "great" and everlasting. Vinson also agreed to contact-chaining using these numbers and email addresses as selectors. As a remedy for possibly illegal surveillance, the FISA court offers nothing more than fixes after the fact.

This holding, albeit novel, is consistent with the overall statutory requirements; it requires the Government to report and provide appropriate justification to the Court; and it supplies the Government with a necessary degree of agility and flexibility in tracking the targeted foreign powers. This Court will be able to ultimately determine whether the electronic surveillance was proper.

The FISA court authorizes a rolling 21-day grace period to report on any new numbers/email addresses added to the NSA's collections, from which the FISA judges would determine whether sufficient probable cause exists to continue surveillance. Better than nothing, but still a three-week "free swim" for analysts.

One stipulation stands out, though.

Unconsented physical entry is not authorized to implement the electronic surveillance approved herein.

The NSA isn't known for physically tapping phones or planting bugs (at least not here in the US… and at least not to our knowledge at this point). It's a requirement that does the agency no harm. But the hypothetical question raised by this is: does "unconsented physical entry" cover things like the interception of US tech companies' products in order to insert backdoors and malware? It won't be discussed here because this only deals with the NSA's roving, targeted/bulk surveillance hybrid. But it's something to keep in mind for future document releases.

This order is also added the FBI to the NSA's surveillance CC: list.

Information that is not foreign intelligence information, but reasonably appears to be evidence of a crime that has been, is being, or is about to be committed, may be disseminated (including United States person identities) to the FBI and other appropriate federal law enforcement authorities, in accordance with 50 U.S.C. 1806(b), Executive Order No. 12333…

And so, the domestic surveillance that wasn't (this order -- and past ones -- draws a very clear line between foreign targets and known US persons) becomes a handy tool for domestic surveillance. As the court notes earlier in the order, because of where the communications and data are collected, there's no real way to separate US/non-US data without digging through the collection. When it's discovered, minimization procedures are to apply -- except, apparently, if it can hand the data/communications off to the FBI. (The CIA, on the other hand, gets everything, domestic or foreign, apparently only subject to the NSA's discretion.)

Again, this entire line of surveillance still hadn't been determined to be completely legal. It took the FISA Amendments Act to codify this particular program. Despite that, it was approved anyway, thanks to the NSA's willingness to explore as many legal theories as necessary in order to secure the FISA judge's approval.

That's the problem with these two orders. We don't get to see the NSA's legal wranglings. Those are redacted. And what is actually revealed doesn't explain much. The May 2007 order notes that the NSA's arguments are still on shaky ground and the earlier (and much longer) April order handles the entirety of the agency's legal discussions on its contact-chaining of unrelated "facilities" in a single paragraph.

In this case, the Government has also asked for specific authority to acquire certain electronic communications that relate to or refer to an e-mail [redacted] that is targeted for surveillance under this Order. For example, the Government argues that it should be allowed to acquire any e-mail communication that mentions a targeted e-mail [redacted] even though the communication is to and from other e-mail [redacted] not currently under electronic surveillance. After careful consideration of the Government's arguments, the Court holds that, in the limited and carefully considered circumstances described below, there is probable cause to believe that internet communications relating to a previously targeted e-mail [redacted] are themselves being sent and/or received by one of the targeted foreign powers, and thus those communications may be acquired by the NSA.

And there goes any hope that the collection would be targeted. Simply mentioning a targeted email in the body of an email message is enough "probable cause" for the FISA court, which goes on to note that it's perfectly OK (in the search for supporting probable cause) for the agency to read nearly any communication that crosses its desk, provided it's within a step or two of its selectors.

The NSA didn't get to where it is today overnight. It took a decade of legal wrangling and the steadfast assertion that the terrorist threat to the US is just as strong as it was September 10, 2001. With the assistance of obliging courts and sympathetic legislators, the NSA has become a data and communications behemoth, sucking in vast quantities of both from all over the world.

Permalink | Comments | Email This Story
]]>well,-Congress-MIGHT-have-said,-'Collect-it-all'-if-it-only-knew-about-ahttps://www.techdirt.com/comment_rss.php?sid=20150128/13484029843Wed, 28 Jan 2015 04:12:08 PSTRep. Jared Polis Calls For 24 Hour Surveillance On Senator Marco RubioMike Masnickhttps://www.techdirt.com/articles/20150127/13450429833/rep-jared-polis-calls-24-hour-surveillance-senator-marco-rubio.shtml
https://www.techdirt.com/articles/20150127/13450429833/rep-jared-polis-calls-24-hour-surveillance-senator-marco-rubio.shtmlban dollar bills after Senator Joe Manchin asked the Treasury Department to ban Bitcoin. Polis, of course, took the same arguments Manchin used against Bitcoin and highlighted how dollar bills had the same characteristics.

His latest move is in response to Senator Marco Rubio's ridiculous and clueless call for greater levels of mass surveillance of Americans. Rubio calls for new laws to force tech companies to help the government spy on everyone and also a permanent extension of the controversial Section 215 of the Patriot Act, the part of the law that was twisted by the DOJ and the NSA to pretend it means they can demand every phone record on every American because they might be able to sniff through it all and find something interesting.

“If Senator Rubio believes that millions of innocent Americans should be subject to intrusive and unconstitutional government surveillance, surely he would have no objections to the government monitoring his own actions and conversations,” said Rep. Polis. “Senator Rubio is asking for American technology companies to ‘cooperate with authorities,’ so I believe he will have no objection to authorities being given access to his electronic correspondence and metadata. Maybe after his 2016 strategy documents are accidentally caught up in a government data grab, he’ll rethink the use of mass surveillance.”

Rubio’s op-ed called for “a permanent extension of the counterterrorism tools our intelligence community relies on” and said that the tactics were “legally and painstakingly established.” This is in stark contrast with the conclusions of the Privacy and Civil Liberties Oversight Board, which found the data collection practices to be illegal, saying the Patriot Act “does not provide an adequate basis to support this program.”

This new focus on Senator Rubio shouldn’t require any additional legislation, as Senators have already been included in intelligence agency monitoring.

Nicely done. While he's at it, Polis might want to ask Rubio to release all of his own metadata publicly anyway. After all, if there's no big deal in snooping through metadata, Rubio shouldn't have any shame in revealing everyone he calls (or who calls him), everyone he emails and every website he visits. Right?

Permalink | Comments | Email This Story
]]>because-polis-is-awesomehttps://www.techdirt.com/comment_rss.php?sid=20150127/13450429833Tue, 20 Jan 2015 09:15:00 PSTFBI Defuses Another Of Its Own Terrorist Plots; John Boehner Pretends It's Evidence That We Need To Renew The PATRIOT ActMike Masnickhttps://www.techdirt.com/articles/20150117/06571529729/fbi-defuses-another-its-own-terrorist-plots-john-boehner-pretends-its-evidence-that-we-need-to-renew-patriot-act.shtml
https://www.techdirt.com/articles/20150117/06571529729/fbi-defuses-another-its-own-terrorist-plots-john-boehner-pretends-its-evidence-that-we-need-to-renew-patriot-act.shtmlleading to the arrest of a 20 year-old man, Christopher Lee Cornell, in Ohio. According to the FBI, Cornell was planning to go to the US Capitol and kill government officials. As often happens with these kinds of announcements, the press was quick to jump in and fuel the narrative of some big terror plot that the FBI was able to miraculously disrupt at the last minute.

For years now, we've pointed out a pattern of how nearly every big headline about the US disrupting a domestic terrorist attack was almost always about the FBI creating its very own plot, and then pressuring and cajoling some vulnerable, poverty-stricken, desperate Muslim (almost always Muslim) young men into "joining" this plot. This happens despite those individuals rarely having expressed direct interest in any sort of terrorist activity, or having any connections or means to carry out such activity. But with continued pressure from "FBI informants" (who tend to either by paid by the FBI or are trying to reduce punishment for other crimes they've been charged with -- or both), eventually these men agree to take part in a "plot" that was entirely designed by the FBI and had no chance of ever happening. We've written about similar occurrences over and over and over and over and over and over and over and over and over and over and over and over again.

The alleged would-be terrorist is 20-year-old Christopher Cornell, who is unemployed, lives at home, spends most of his time playing video games in his bedroom, still addresses his mother as “Mommy” and regards his cat as his best friend; he was described as “a typical student” and “quiet but not overly reserved” by the principal of the local high school he graduated in 2012.

Not only did he just convert to Islam a few months ago (and there's no indication that he ever actually attended the mosque that he claimed to have joined), but the details of the overall story certainly match the pattern of an FBI made up plot:

The affidavit filed by an FBI investigative agent alleges Cornell had “posted comments and information supportive of [ISIS] through Twitter accounts.” The FBI learned about Cornell from an unnamed informant who, as the FBI put it, “began cooperating with the FBI in order to obtain favorable treatment with respect to his criminal exposure on an unrelated case.” Acting under the FBI’s direction, the informant arranged two in-person meetings with Cornell where they allegedly discussed an attack on the Capitol, and the FBI says it arrested Cornell to prevent him from carrying out the attack.

For someone supposedly plotting a terrorist attack, Cornell didn't seem particularly subtle. The affidavit notes that Cornell first came to their attention because of his tweets in support of ISIS. Then the informant reached out to him and began pushing the plot.

Yet, it's not just the mainstream press that is exaggerating this story. Speaker of the House John Boehner wasted little time in claiming that Cornell was only discovered because of "the FISA program."

“The first thing that strikes me is that we would’ve never known about this had it not been for the FISA program and our ability to collect information for people who pose an imminent threat.”

Except, uh, no. The dude was posting on a public Twitter feed and then had a government informant reach out to him. It doesn't look like anyone needed any particular "FISA program." Thankfully, at least some reporters quickly called bullshit on this, noting that the facts of the case don't at all match up with a situation in which any sort of FISA-approved surveillance effort was needed.

Instead, it seems clear that this is just blatant and cynical fear-mongering by John Boehner in the lead-up to the fight to renew certain provisions of the PATRIOT Act, including Section 215, which is the program under which the NSA and FBI get bulk phone records from phone companies (and, most likely, other bulk records). As Julian Sanchez points out in the link above, there seems to be no reason to have used data collected under Section 215 in this case:

According to the criminal complaint, it was an informant hoping to reduce his own criminal sentence who brought Cornell to the Bureau’s attention. Nor, indeed, was Cornell particularly subtle: Under the Twitter handle ISBlackFlags, he pseudonymously voiced support for the Islamic State and violent jihad. If that’s true, then while it would hardly be surprising if Cornell’s phone records were reviewed at some point in the investigation, it’s hard to see how a bulk telephone database could have been essential to identifying him. Once Cornell had been identified, of course, traditional targeted intelligence or law enforcement authorities would have been sufficient to allow investigators access to his metadata—or, for that matter, his online communications.

But, knowing that the fight over renewing Section 215 is going to be a big deal later this year, it appears that Boehner used this as a bogus excuse to start laying the groundwork for such an approval. Remember, that multiple groups -- including the White House's own review board and the government's Privacy and Civil Liberties Oversight Board -- couldn't find any evidence that the 215 program was necessary in stopping a single domestic terrorist attack. The only case that it was really involved in was a guy in California sending some money back to Somalia.

When the fight to renew 215 really ramps up, this lack of a success story is likely to come up. And, thus, it appears that the supporters of the surveillance state are desperately in need of some "success stories" for the 215 program, and Boehner seems to have rushed out and grabbed the first available one and he's going to milk it for all its worth.

“I’m going to say this one more time because you’re going to hear about it for months and months to come as we attempt to reauthorize the FISA program: Our government does not spy on Americans — unless they are Americans who are doing things that frankly tip off our law enforcement officials to an imminent threat. It was our law enforcement officials and those programs that helped us stop this person before he committed a heinous crime in our nation’s capital.”

Except, no, it wasn't. This sounds like yet another of the government self-built plots that had no chance of ever taking off, and the only reason Cornell, a homebound videogame player who calls his mother "Mommy," got involved was because he was a gullible, disenchanted kid who spouted off some stupid statements on Twitter, making him easy prey.

Permalink | Comments | Email This Story
]]>wag-that-doghttps://www.techdirt.com/comment_rss.php?sid=20150117/06571529729Mon, 13 Oct 2014 21:05:01 PDT60 Minutes Tells Stories About FBI And NSA But Somehow Fails To Connect The DotsTrevor Timm, FPFhttps://www.techdirt.com/articles/20141013/13463428813/cognitive-dissonance-about-fbi-nsa-60-minutes.shtml
https://www.techdirt.com/articles/20141013/13463428813/cognitive-dissonance-about-fbi-nsa-60-minutes.shtml
60 Minutes, which has been harshly criticized for running puff pieces for the NSA and FBI recently, is at it again. Last night, they ran two unrelated yet completely conflicting segments—one focusing on FBI Director Jim Comey, and the other on New York Times reporter James Risen—and the cognitive dissonance displayed in the back-to-back interviews was remarkable.

First up was 60 Minutes correspondent Scott Pelley's interview with FBI Director Jim Comey. 60 Minutes aired the first part of the interview last week, which ran 14 minutes and did not contain a single adversarial question. This time, Scott Pelley asked him at least asked a couple softballs about civil liberties, although the primary one Comey just refused to answer.

The main focus of the piece, however, was Comey's supposed commitment to "the rule of law." "That's a principle over which James Comey is willing to sacrifice his career," Pelley explains to the audience. He then proceeded to re-tell the infamous "hospital bed" scene from 2004 during the Bush administration, where Comey, then deputy attorney general, threatened to resign unless Bush altered the original NSA warrantless surveillance program. Bush relented a bit and so Comey stayed on as deputy attorney general for more than a year afterwards.

Comey is portrayed as the hero, who stopped illegal surveillance from going forward. What Comey did was certainly admirable, but this episode happened in March 2004 and only pertained to a small portion of the NSA's illegal activities. The NSA's illegal warrantless wiretapping program (as the public knew it) was first exposed more than eighteen months later in December 2005. 60 Minutes explains this in the very next segment but couldn't apparently put two and two together: Jim Comey was presumably also responsible for signing off on the illegal program the New York Times exposed after his hospital bed protest.

During this segment, 60 Minutes interviewed James Risen about the Obama administration's war on leaks and described the scoop he is most famous for: his Pulitzer Prize-winning story exposing that same warrantless wiretapping program.

Risen explains to 60 Minutes correspondent Lesley Stahl that the NSA was not only gathering metadata without a warrant on Americans in 2005, but the content of phone conversations as well. And as Stahl herself points out—and as former NSA chief Michael Hayden basically admits in the segment—this was in direct violation of the 1978 law the Foreign Intelligence Surveillance Act, which required court orders to conduct such spying.

Critically, Risen's first story in December 2005 makes it clear the warrantless wiretapping of Americans was ongoing at the time. And we learned just last year as part of the Snowden revelations that Comey's hospital protest was over Internet metadata, not illegal eavesdropping on phone calls.

So to sum up: the government was breaking the law in December 2005. This is the program that Comey had presumably signed off on after the much-talked-about incident and he remained deputy attorney general. Yet Comey is still uncontroversially portrayed as a man dedicated to "the rule of law."

This information was readily available to 60 Minutes, as it's in the most well-known recounting of the hospital bed scene done by reporter Barton Gellman for the Washington Post and in his book The Angler in 2007. As Barton Gellman reported in 2007, Comey forced some changes with his potential resignation in 2004, but "much of the operation remained in place."

"Imagine you're doing ten things one day, and the next day you're only doing eight of them," an unnamed official told Gellman in The Angler. "That's basically what happened here."

Permalink | Comments | Email This Story
]]>comey's-no-herohttps://www.techdirt.com/comment_rss.php?sid=20141013/13463428813Tue, 7 Oct 2014 14:43:47 PDTTwitter Sues The US Government For The Right To Disclose Surveillance RequestsMike Masnickhttps://www.techdirt.com/articles/20141007/14052828755/twitter-sues-us-government-right-to-disclose-surveillance-requests.shtml
https://www.techdirt.com/articles/20141007/14052828755/twitter-sues-us-government-right-to-disclose-surveillance-requests.shtmlspat with the US government over the right to disclose FISA orders received under Section 702 of the FISA Amendments Act. These orders are what made up the PRISM program that got so much early attention, with some early reports implying, incorrectly, that the tech companies had given the NSA full access to their systems under the program. The reality is that the 702 program includes specific FISA court orders for access to specific information, not blanket access. What's unknown is just how narrow or broad those orders are, and that's partly because of a gag order that comes with any of those FISA court orders. In response, a bunch of those tech companies filed a lawsuit arguing they had a First Amendment right to reveal the number of orders they had received. Further, they noted that due to the early, misinterpreted reporting, they needed to be able to reveal how many orders they received, and how many people it impacted, to correct the faulty record on their level of sharing with the NSA.

In January, the tech companies and the DOJ settled the lawsuit, with the US government agreeing to specific ways in which tech companies could reveal some information on those orders, but in a very limited way. Basically they could reveal some information in "bands." Depending on how they revealed the info, it could be in bands of 250 people or bands of 1,000 people -- but if you chose the 250 option, you also had to lump in National Security Letters (NSLs), making the information even harder to parse. While this was progress over nothing, it was a pretty small step forward.

That's why we were happy to see Twitter come out in February and say that, while those other companies (including Google, Facebook and Microsoft) had agreed to that settlement, it was not good enough for Twitter, and that the company would keep pushing for the right to say how many FISA orders it had received. Apparently those negotiations with the DOJ haven't gone very well, as the company has now sued the US government over the issue. Twitter claims that it even asked for the ability to publish a redacted transparency report, but the DOJ even tried to block that. The full filing is worth reading.

Twitter seeks to lawfully publish information contained in a draft Transparency
Report submitted to the Defendants on or about April 1, 2014. After five months, Defendants
informed Twitter on September 9, 2014 that “information contained in the [transparency] report is
classified and cannot be publicly released” because it does not comply with their framework for
reporting data about government requests under the Foreign Intelligence Surveillance Act
(“FISA”) and the National Security Letter statutes. This framework was set forth in a January 27,
2014 letter from Deputy Attorney General James M. Cole to five Internet companies (not
including Twitter) in settlement of prior claims brought by those companies (also not including
Twitter) (the “DAG Letter”).

The Defendants’ position forces Twitter either to engage in speech that has been
preapproved by government officials or else to refrain from speaking altogether. Defendants
provided no authority for their ability to establish the preapproved disclosure formats or to
impose those speech restrictions on other service providers that were not party to the lawsuit or
settlement.

Twitter’s ability to respond to government statements about national security
surveillance activities and to discuss the actual surveillance of Twitter users is being
unconstitutionally restricted by statutes that prohibit and even criminalize a service provider’s
disclosure of the number of national security letters (“NSLs”) and court orders issued pursuant to
FISA that it has received, if any. In fact, the U.S. government has taken the position that service
providers like Twitter are even prohibited from saying that they have received zero national
security requests, or zero of a particular type of national security request.

These restrictions constitute an unconstitutional prior restraint and content-based
restriction on, and government viewpoint discrimination against, Twitter’s right to speak about
information of national and global public concern. Twitter is entitled under the First Amendment
to respond to its users’ concerns and to the statements of U.S. government officials by providing
more complete information about the limited scope of U.S. government surveillance of Twitter
user accounts—including what types of legal process have not been received by Twitter—and the
DAG Letter is not a lawful means by which Defendants can seek to enforce their unconstitutional
speech restrictions.

It will be interesting to see how far this lawsuit goes. Unfortunately, the courts are often willing to give great deference to the government when it insists things need to be secret, but there's always a chance that a court may recognize the problematic nature of how the government gags companies in this manner.

Permalink | Comments | Email This Story
]]>good-for-themhttps://www.techdirt.com/comment_rss.php?sid=20141007/14052828755Tue, 16 Sep 2014 09:03:02 PDTMore Yahoo vs. The NSA: Government Tried To Deny Standing, Filed Supporting Documents Yahoo Never Got To SeeTim Cushinghttps://www.techdirt.com/articles/20140915/13173328523/more-yahoo-vs-nsa-government-tried-to-deny-standing-filed-supporting-documents-yahoo-never-got-to-see.shtml
https://www.techdirt.com/articles/20140915/13173328523/more-yahoo-vs-nsa-government-tried-to-deny-standing-filed-supporting-documents-yahoo-never-got-to-see.shtml
After having the court documents unsealed and the gag order lifted, Yahoo is finally free to talk about that one time when the government wanted to fine it $250,000 a day [!!] for refusing to comply with a FISA court order to turn over data on its customers. Two of the lawyers (Mark Zwillinger and Jacob Sommer) who represented Yahoo in that court battle, have written a post detailing the behind-the-scenes activity.

First off, they note that it's kind of amazing they're even able to discuss it at this point.

Having toiled in secret until recently, and having originally been told we would need to wait 25 years to tell anyone of our experience, it is refreshing to be able to write about the case in detail.

That's the normal declassification schedule, which at this point would still be nearly 18 years away. Fortunately, Ed Snowden's leaks have led to an accelerated schedule for many documents related to the NSA's surveillance programs, as well as fewer judges being sympathetic to FOIA stonewalling and exemption abuse.

We've talked several times about how the government makes it nearly impossible to sue it for abusing civil liberties with its classified surveillance programs. It routinely claims that complainants have no standing, ignoring the fact that leaked documents have given us many details on what the NSA does and doesn't collect. But in Yahoo's case, it went against its own favorite lawsuit-dismissal ploy.

First, the government's prior position on standing may be a bit of a surprise. In more recent cases, like Clapper, it has argued that only the provider has standing to challenge surveillance orders under the FISA Amendments Act, not individual users who may have been caught up in the surveillance. But, in this fight, the government argued that Yahoo had no standing to challenge a directive on the basis of the Fourth Amendment rights of its users.

The government definitely would prefer the swift removal of cases rather than actually having to defend its programs' Constitutionality -- so much so that it attempted to push the argument that no one has standing to challenge its collections. But that wasn't the government's only angle. The courts refused to entertain this sudden shift in the government's "standing" argument, so it moved on to levying fines.

A very short time frame to respond was granted to Yahoo, something made even shorter by the government's foot-dragging.

The FISC issued its decision on April 25, 2008, but we were not permitted to inspect the order until April 29, 2008 (and even then were not allowed to take notes), and did not receive a copy until May 5, 2008, when the government demanded that Yahoo give a same-day answer whether it would comply with the surveillance demand.

Shortly after Yahoo's response, the government moved for contempt charges and fines. $250,000 per day was the minimum. It asked for constantly-escalating fines that would double each week until Yahoo complied. Even for a tech giant, this fee scale could turn into real money incredibly quickly.

Simple math indicates that Yahoo was facing fines of over $25 million dollars for the 1st month of noncompliance, and fines of over $400 million in the second month if the court went along with the government’s proposal. And practically speaking, coercive civil fines means that the government would seek increased fines, with no ceiling, until Yahoo complied.

While the government was threatening Yahoo with massive fines, it was also filing secret briefs and motions in support of its admittedly "coercive" levies, stating that the company's resistance was causing "great harm," apparently on a daily basis.

Finally, the documents that were recently released by the ODNI (and Yahoo itself) contain many that Yahoo -- who was directly involved in this court battle -- had never seen before August 22.

The government filed ex parte documents in support of its surveillance program, many of which Yahoo had no access to during the legal struggle. Not only did the government force Yahoo to respond on its own schedule, but it kept the company in the dark about its justifications and other aspects of its programs. Yahoo couldn't ask for these documents in discovery, nor did it even know these existed.

[P]erhaps most importantly, a FISC decision from January 15, 2008 regarding the procedures for the DNI/AG Certification at issue, which Yahoo had never seen. It examines those procedures under a “clearly erroneous” standard of review – which is one of the most deferential standards used by the judiciary. Yahoo did not have these documents at the time, nor the opportunity to conduct any discovery. It could not fully challenge statements the government made, such as the representation to FISCR “assur[ing the Court] it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary.” Nor could Yahoo use the January 15, 2008 decision to demonstrate how potential flaws in the targeting process translated into real world effects.

When it comes to the nation's security, apparently no legal deck can be stacked high enough. The government forces those who challenge its secret programs to wage courtroom battles with only the barest minimum of information. And, should it decide the defendant isn't moving fast enough, it can pursue exorbitant (and admittedly coercive) fines until it gets the cooperation it's seeking.

Permalink | Comments | Email This Story
]]>blindfolded-and-pickpocketedhttps://www.techdirt.com/comment_rss.php?sid=20140915/13173328523Thu, 14 Aug 2014 08:04:51 PDTNewly Released Documents Show NSA Abused Its Discontinued Internet Metadata Program Just Like It Abused Everything ElseTim Cushinghttps://www.techdirt.com/articles/20140813/13544228205/newly-released-documents-show-nsa-abused-its-discontinued-internet-metadata-program-just-like-it-abused-everything-else.shtml
https://www.techdirt.com/articles/20140813/13544228205/newly-released-documents-show-nsa-abused-its-discontinued-internet-metadata-program-just-like-it-abused-everything-else.shtmla large batch of declassified documents, most of which deal with the NSA's discontinued Section 402 program. What this program did was re-read pen register/trap and trace (PR/TT) statutes to cover internet metadata, including sender/receiver information contained in email and instant messages. (Not to be confused with the Section 702 program, which is still active and harvests internet communications.)

Notably, this marks only the second time that the ODNI has acknowledged the document release has been compelled by a FOIA lawsuit.

Following a declassification review by the Executive Branch, the Department of Justice released on August 6, 2014, in redacted form, 38 documents relating to the now-discontinued NSA program to collect bulk electronic communications metadata pursuant to Section 402 of the FISA (“PRTT provision”). These documents are also responsive to a Freedom of Information Act request by the Electronic Privacy Information Center.

As EPIC's site notes (and the ODNI's doesn't), the program was authorized in 2004, but no legal justification was provided to Congressional oversight until a half-decade later. Contrast that fact with the ODNI's statement:

The information released on August 6, 2014, together with documents previously released, demonstrates the extent to which the IC sought and received FISC approval to collect electronic communications metadata under the PRTT provision, the oversight regime of internal checks over the program, and that Congress was kept fully apprised of the status of NSA’s electronic metadata collection.

Apparently, in intelligence jargon, "fully" is synonymous with "eventually."

Despite the program being discontinued, the documents are still heavily redacted. For instance, in the original opinion and order that found the bastardized PR/TT compliant with the Fourth Amendment, the government's description of "meta data" runs multiple pages, almost all of it covered in black. The government acknowledges the email metadata, but redacts everything else -- including testimony given on record to legislators. Chris Soghoian of the ACLU easily found some of the redacted text elsewhere on the web.

So, the declassification review apparently decided the public shouldn't know the NSA collected instant messaging with its discontinued program. Too bad it was discussed openly in a Senate hearing.

Here, by contrast, reading the term “relevant” to permit the collection of this critical information during wartime is a construction rooted in the text that requires no stretching of the ordinary meaning of the terms of the statute at all. In fact, for all the reasons outlined above, interpreting section 402 to authorize the collection the Government has requested in the best reading of the plain terms of the Act.

To the government, the most insanely expansive reading is the "best" reading. As Wheeler notes, this self-congratulatory paragraph is another example of why secret courts are dangerous.

But after you’ve made your best ditch effort to stretch the meaning of words, secretly, beyond all recognition, don’t then, secretly, pat yourself on the back pretending that wasn’t the game you just pulled.

But it's still, to this day, a secret court. And the documents released show it's still a largely deferential court -- one that actively allows the administration and the NSA to do its thinking for it. It's never been an adversarial court and has only very rarely acted like it's part of a system of checks and balances. In Judge Kollar-Kotelly's long defense of mutating PR/TT into an internet metadata dragnet, she puts words in Congress' mouth and removes potential roadblocks with alarming speed. Whatever slack the FISA Court fails to cut the administration, it cuts for itself. From the same memorandum quoted above:

Here, construing FISA to preclude the signals intelligence activities that the Executive Branch has concluded are vital to wartime defense of the Nation would raise a grave constitutional question about whether the statute, as so construed, impermissibly impinges on the President’s constitutionally assigned authorities as Commander in Chief and Chief Executive.

[...]

In almost all cases of potential constitutional conflict, if a statute is construed to restrict the Executive, the Executive has the option of seeking additional clarifying legislation from Congress. In this case, by contrast, the Government cannot pursue that route because seeking legislation would inevitably compromise the secrecy of the collection program the Government wishes to undertake.

That's the Executive Branch cutting the Legislative Branch out of the loop, and doing so with assistance provided by an offshoot of the Judicial Branch. That's the vaunted oversight being kicked to the curb in order to oblige the NSA. The system of checks and balances apparently is unworkable during times of war.

All of this is unsurprising, given what we've learned about the FISA court over the past several months (as well as the government's arguments in support of dragnet surveillance programs). Equally as unsurprising is the fact that the NSA immediately took this new program and abused it, just like it's abused everything else it's been entrusted with by the FISA Court.

The government, the document indicates, “acknowledges that NSA exceeded the scope of authorized acquisition continuously during the more than [redacted] years of acquisition under [the] orders.”

When not abusing the limits of the program to gather information it shouldn't have had access to, the NSA was sharing its ill-gotten goods with other government agencies, ignoring its own rules about dissemination by distributing unminimized US persons' data. But despite this evidence of wrongdoing, no one was punished and, in fact, the government didn't even feel compelled to explain its actions to the court.

As was noted above, the supposed oversight that's supposed to help prevent this sort of abuse wasn't even apprised of the program until five years after the FISA court gave its approval. The documents forced out of the NSA's hands by a handful of lawsuits clearly shows the agency can't be trusted to police itself and isn't interested in letting anyone else tackle that job.

Permalink | Comments | Email This Story
]]>so, more of the same, then?https://www.techdirt.com/comment_rss.php?sid=20140813/13544228205Wed, 9 Jul 2014 07:31:36 PDTFBI Directly Spying On Prominent Muslim-American Politicians, Lawyers And Civil Rights ActivistsMike Masnickhttps://www.techdirt.com/articles/20140709/05473827820/fbi-directly-spying-prominent-muslim-american-politicians-lawyers-civil-rights-activists.shtml
https://www.techdirt.com/articles/20140709/05473827820/fbi-directly-spying-prominent-muslim-american-politicians-lawyers-civil-rights-activists.shtmlwas directly spying on a bunch of prominent American politicians, lawyers and civil rights activists... who happened to be Muslim.

Faisal Gill, a longtime Republican Party operative and one-time candidate for public office who held a top-secret security clearance and served in the Department of Homeland Security under President George W. Bush;

Asim Ghafoor, a prominent attorney who has represented clients in terrorism-related cases;

Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University;

Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights;

Nihad Awad, the executive director of the Council on American-Islamic Relations (CAIR), the largest Muslim civil rights organization in the country.

This certainly harkens back to the days of spying on Martin Luther King and other human rights activists -- the kind of thing that was supposed to have stopped decades ago. In fact, the driving reason for setting up the FISA Court was to prevent this kind of thing. As Greenwald's report notes, these individuals were on a list of folks who the DOJ had convinced the FISA Court that there was "probable cause" were engaged in terrorism.

The individuals appear on an NSA spreadsheet in the Snowden archives called “FISA recap”—short for the Foreign Intelligence Surveillance Act. Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to believe that American targets are not only agents of an international terrorist organization or other foreign power, but also “are or may be” engaged in or abetting espionage, sabotage, or terrorism. The authorizations must be renewed by the court, usually every 90 days for U.S. citizens.

The spreadsheet shows 7,485 email addresses listed as monitored between 2002 and 2008. Many of the email addresses on the list appear to belong to foreigners whom the government believes are linked to Al Qaeda, Hamas, and Hezbollah. Among the Americans on the list are individuals long accused of terrorist activity, including Anwar al-Awlaki and Samir Khan, who were killed in a 2011 drone strike in Yemen.

But a three-month investigation by The Intercept—including interviews with more than a dozen current and former federal law enforcement officials involved in the FISA process—reveals that in practice, the system for authorizing NSA surveillance affords the government wide latitude in spying on U.S. citizens.

Reading through the report, it becomes quite clear that the main reason these individuals on the list is solely because they're Muslim. Of every lawyer who has helped represent defendants in terrorism-related cases, the only one on this list just happens to be Muslim. As the article reminds us, a few years back, Spencer Ackerman did some great reporting, revealing how the FBI was being trained to believe all Muslims were "violent" and "radical" and the impact of that ridiculous training appears to be clear in what this latest report finds. Perhaps the most chilling example of this anti-Muslim attitude is found in a training document revealed in this new report, showing intelligence community members how to "identify" targets for the FISA court. The "placeholder" name says it all:

Later in the report, the government tries to deny that there was a FISA Court order concerning at least one of the individuals listed above, even though they were in the spreadsheet. But that level of confusion only suggests that the process is even more of a mess. Whether or not this complied with the law is a distraction. The law shouldn't allow this kind of thing.

A former Justice Department official involved in FISA policy in the Obama Administration says the process contains too many internal checks and balances to serve as a rubber stamp on surveillance of Americans. But the former official, who was granted anonymity to speak candidly about FISA matters, acknowledges that there are significant problems with the process. Having no one present in court to contest the secret allegations can be an invitation to overreach. “There are serious weaknesses,” the former official says. “The lack of transparency and adversarial process—that’s a problem.”

Indeed, the government’s ability to monitor such high-profile Muslim-Americans—with or without warrants—suggests that the most alarming and invasive aspects of the NSA’s surveillance occur not because the agency breaks the law, but because it is able to exploit the law’s permissive contours. “The scandal is what Congress has made legal,” says Jameel Jaffer, an ACLU deputy legal director. “The claim that the intelligence agencies are complying with the laws is just a distraction from more urgent questions relating to the breadth of the laws themselves.”

Much of the rest of the story involves a detailed look at the men listed above, all of which is worth reading, demonstrating just how ridiculous it was to be spying on their communications. The video of Faisal Gill is really worth watching:

Permalink | Comments | Email This Story
]]>because of course they didhttps://www.techdirt.com/comment_rss.php?sid=20140709/05473827820Mon, 30 Jun 2014 12:51:16 PDTFBI, CIA Use Backdoor Searches To Warrentlessly Spy On Americans' CommunicationsMike Masnickhttps://www.techdirt.com/articles/20140630/12101627734/fbi-cia-also-make-use-backdoor-searches-nsa-data-to-access-us-communications-without-warrant.shtml
https://www.techdirt.com/articles/20140630/12101627734/fbi-cia-also-make-use-backdoor-searches-nsa-data-to-access-us-communications-without-warrant.shtml"backdoor searches" were revealed. This involved big collections of content and metadata (so, no, not "just metadata" as meaningless as that phrase is) that were collected under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a "target" -- where a "target" can be incredibly loosely defined (i.e., it can include groups or machines or just about anything). The "backdoor searches" were a special loophole added in 2011 allowing the NSA to make use of "US person names and identifiers as query terms." In the past, it had been limited (as per the NSA's mandate) to only non-US persons.

This morning, James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free. The big reveal is... that it's not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this. It's just doing it willy nilly:

The FBI does not track how many queries it conducts using U.S. person
identifiers. The FBI is responsible for identifying and countering threats to the homeland, such
as terrorism pilots and espionage, inside the U.S. Unlike other IC agencies, because of its
domestic mission, the FBI routinely deals with information about US persons and is expected to
look for domestic connections to threats emanating from abroad, including threats involving
Section 702 non-US. person targets. To fulfill its mission and avoid missing connections within
the information lawfully in its possession, the FBI does not distinguish between U.S. and non-
U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI
does not receive all of Section 702 collection; rather, the FBI only requests and receives a
small percentage of total Section 702 collection and only for those selectors in which the
FBI has an investigative interest.

Moreover, because the FBI stores Section 702 collection in the same database as
its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section
702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to
locate relevant information that is already in its possession when it opens new national security
investigations and assessments. Therefore, the FBI believes the number of queries is substantial.
However, only FBI personnel trained in the Section 702 minimization procedures are able to
View any Section 702 collection that is responsive to any query.

Got that? Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight.

Yikes!

Oh, and it's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:

In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of
that total number approximately 40% were conducted as a result of requests for
counterterrorism-related information from other U.S. intelligence agencies. Approximately 27%
of the total number are duplicative or recurring queries conducted at different times using the
same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person
identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702
collection. However, the CIA does not track the number of metadata-only queries using U.S.
person identifiers.

So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place.

Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:

When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.

Hopefully, now you are starting to recognize what a big deal it was last week when the House of Representatives recently voted to defund the ability to do these kinds of backdoor searches. Still, much more needs to be done.

Oh, and in case you're wondering why Clapper finally 'fessed up to the FBI and CIA making use of these data to warrantlessly spy on Americans, it's worth noting that the Privacy and Civil Liberties Oversight Board (PCLOB) is expected to come out with its report on the Section 702 surveillance program on July 2nd (7/02, get it?). It seems likely that the report will discuss these backdoor searches on Americans and how other agencies besides the NSA has been involved in the practice.

Permalink | Comments | Email This Story
]]>but-of-coursehttps://www.techdirt.com/comment_rss.php?sid=20140630/12101627734Tue, 17 Jun 2014 09:03:00 PDTCourt Rejects Request That Secret NSA Evidence Used Against Terrorism Suspect Be Shared With Suspect's LawyersMike Masnickhttps://www.techdirt.com/articles/20140616/18141727598/court-rejects-request-that-secret-nsa-evidence-used-against-terrorism-suspect-be-shared-with-suspects-lawyers.shtml
https://www.techdirt.com/articles/20140616/18141727598/court-rejects-request-that-secret-nsa-evidence-used-against-terrorism-suspect-be-shared-with-suspects-lawyers.shtmlAdel Daoud, an American citizen charged with terrorism. He's one of the many, many folks that was arrested following one of the FBI's infamous home grown plots (i.e. he was never actually involved in any terrorism, as all of his "co-conspirators" were actually FBI agents or informants, and there was never any actual threat or chance that he'd pull off an actual terrorist attack). Back during the (pre-Snowden) debates on renewing Section 702 of the FISA Amendments Act, Senator Dianne Feinstein used Daoud's case as a specific example of when the program had been useful in stopping terrorism.

That caught the attention of Daoud's lawyers, who noted that this was the first they'd heard of this, and it seemed pretty clear that the government had withheld the evidence that was used to bring Daoud to trial in the first place (which is, as you know, not really allowed). After asking for the evidence, the district court first said no, but then ordered that some of the documents being filed actually be shared with Daoud's attorneys (who have the necessary security clearances). The DOJ, of course, flipped out at this idea that the lawyers for someone they're trying to lock up forever should actually be able to see the evidence used against him and how it was collected.

This resulted in an appeals court hearing, which bizarrely had to happen twice after the FBI so scared court staff that they failed to record the public portion of the oral hearings. The hearings were also odd in that, at one point, everybody but DOJ folks and the judges were kicked out of the courtroom, raising serious questions about basic due process.

The judge appears to have believed that adversary procedure is always essential to resolve contested issues of fact.
That is an incomplete description of the American judicial
system in general and the federal judicial system in particular. There are ex parte or in camera hearings in the federal
courts as well as hearings that are neither or both. And there
are federal judicial proceedings that though entirely public
are nonadversarial, either partly or entirely.

Posner basically says that the district court judge herself should have looked over the materials first, to determine if it makes sense to pass them on, rather than defaulting to saying that they should be shared with the lawyers. As such, he basically reveals that the "secret hearing" that was held was to go over the material with the appeals court judges, and they're satisfied that nothing needs to be revealed to Daoud's attorneys.

...our study of the materials convinces us that
the investigation did not violate FISA. We shall issue a classified opinion explaining (as we are forbidden to do in a
public document) these conclusions, and why therefore a
remand to the district court is neither necessary nor appropriate.

Posner also, not surprisingly, rejects the objection by Daoud's lawyers to that secret hearing, noting that it was necessary to determine if the DOJ lawyers were being fully honeset with the court:

Their objecting to the classified hearing was ironic. The
purpose of the hearing was to explore, by questioning the
government’s lawyer on the basis of the classified materials,
the need for defense access to those materials (which the
judges and their cleared staffs had read). In effect this was
cross-examination of the government, and could only help
the defendant.

Defense counsel’s written motion cites no authority for
forbidding classified hearings, including classified oral arguments in courts of appeals, when classified materials are
to be discussed. We don’t think there’s any authority it could
cite.

And, voila, the secret law and secret courts and secret evidence continue unabated...

For a very good analysis of this ruling, I recommend Steve Vladeck's take, in which he notes that Posner seems to (somewhat bizarrely) confuse sharing details with Daoud's lawyers in secret, with "openness" to the public. As Vladeck notes, the district court judge recognized that not everything had to happen publicly, but was (reasonably) concerned that just having a judge look over the secret FISA court ruling would not be sufficient, since the judge would not have the same view as the defense attorneys. Posner seems to ignore or misinterpret all of that.

The problem, from Judge Coleman’s perspective, is that it may not always be possible for a district judge to determine whether disclosure is necessary (as opposed to whether it “may be necessary”) without the benefit of adversarial presentation. That is to say, § 1806(f) conditions the disclosure of classified FISA materials to a defendant (or, at least, his security-cleared counsel) upon a finding by the district judge that may, in some cases, only be possible with defense counsel’s participation. This is why, in her order mandating disclosure, Judge Coleman devoted so much of her energy to the importance of adversarial proceedings, especially in criminal cases—not because all proceedings in U.S. courts are adversarial (they’re not), but because, in this context specifically, adverse-ness makes it easier for a judge to have faith that she is comporting with her statutory and constitutional obligations.

But rather than accept—or at least sympathize with—Judge Coleman’s efforts to square a circle, Judge Posner derided them by suggesting that the government has a right to keep these materials secret, repeatedly criticizing calls (one is left to wonder from where) for “openness.” “Not only is federal judicial procedure not always adversarial,” Posner wrote; “it is not always fully public.” This is true, but entirely beside the point; Judge Coleman wasn’t seeking to open the proceedings; she was seeking to provide security-cleared defense counsel (who, just like everyone else, are subject to the Espionage Act) with access to classified information.

Permalink | Comments | Email This Story
]]>secret-courtshttps://www.techdirt.com/comment_rss.php?sid=20140616/18141727598Fri, 13 Jun 2014 10:57:00 PDTMike Rogers Says Google Is Unpatriotic For Not Wanting NSA To Spy On Its UsersMike Masnickhttps://www.techdirt.com/articles/20140613/07480127565/mike-rogers-says-google-is-unpatriotic-not-wanting-nsa-to-spy-its-users.shtml
https://www.techdirt.com/articles/20140613/07480127565/mike-rogers-says-google-is-unpatriotic-not-wanting-nsa-to-spy-its-users.shtmlConference on National Security at Georgetown University. It included plenty of the usual talking heads spouting nonsense, but I wanted to focus in on one particular talking head spouting particularly ridiculous nonsense. It's our old friend, Rep. Mike Rogers, who is retiring from Congress to try to become an even bigger blowhard on talk radio (as if that's possible). Apparently, Rogers is using this conference to practice the classical blowhard strategy of making a variety of absolutely ridiculous claims that directly contradict each other.

So, for example, he kicked it off by attacking Silicon Valley tech companies for fighting back against NSA surveillance, and for arguing (accurately) that the NSA's efforts have created a major business problem for them around the globe, as people outside the US no longer trust them. In Rogers' mind, that means these companies are putting "European profits above national security." This isn't even close to true, but that's what Rogers is claiming (at about 2 hours 10 minutes into the video, which is also embedded below):

While I'm on my soapbox, we should be really mad at Google and Facebook and Microsoft, because they're doing a very interesting, and I think, very dangerous thing. They've decided to come out and say "we oppose this new FISA bill, because it doesn't go far enough." And when you peel that onion back a bit and say "Why are you doing this? This is a good bill, it's safe, it's bi-partisan, it's rational. It meets all the requirements for 4th Amendment protections and privacy protection and allowing the system to work."

And they say, "Well, we have to do this because we're trying to make sure we don't lose our European business." I don't know about the rest of you but that offends me from the words "European business." Think about what they're doing. They're willing to, in their mind, justify the importance of their next quarter's earnings in Europe versus the national security of the United States. Everybody on those boards should be embarrassed and their CEOs should be embarrassed and their stockholders should be embarrassed. That one quarter cannot be worth the national security of the United States for the next ten generations."

This is wrong and ridiculous on so many levels, but let's just jump to the biggest one and then circle back later to the rest. Less than 15 minutes later (at about 2 hours 25 minutes into the video), Rogers was arguing how important the internet is to our economy, and how a cyberattack might destroy it. He's basically discussing his beloved CISPA and its "information sharing" components, which is really a backdoor way to "legalize" companies handing over all their data to the NSA without warrants.

One sixth of our economy now, is through the internet! One sixth! So this notion that we're all going to say "well the government should do nothing and just completely keep away" -- and I'm not for regulation, by the way, that's not what I mean, but I mean in some way to... to help defend these private networks or allow them to defend themselves -- if we don't get it right, one-sixth of our economy is going to go away. Like that (*snaps*). If every time you turn it on, you lose money, how many times are you going to turn it on and use the internet for commerce? You're not!

Right. Did you get that? If the NSA is violating all of your privacy, no big deal, and people will continue to use the internet and contributing to the economy -- and if it hurts the economy, well that's just the price we pay for national security. But, if those evil foreign governments violate your privacy, well, then all of you will stop using the internet and it will destroy our economy.

In short: if NSA hacking into Europeans eats into US companies' profits: that's patriotism. But if Europeans hack into US companies, then everyone will stop using the internet and it will destroy us all.

And then he goes even further:

If one financial institution -- we have one particular financial institution that clears somewhere about $7 trillion in global financial transactions every single day. Imagine if tomorrow that place gets in there, and through an attack of which we know does exist -- the potential does exist -- where the information is destroyed and manipulated. Now you don't know who owes what money. Some of that, they have lost transactions completely, forever. Imagine what that does to the economy? $7 trillion. Gone. Right? Gone! It's that serious!

So, profits of Wall Street banks are patriotic. But profits of Silicon Valley companies... well, they can be sacrificed for national security.

Except, of course, the underlying assumption in all of this -- which has been proven time and time again to be false, is that these efforts actually help with national security. Mike Rogers was one of the leading FUDspreaders, concerning the claim that the section 215 bulk phone records collection helped national security. Except that's been proven to be false time and time again. Both judges and the President's own task force have marvelled at the total lack of evidence that the bulk records provision was necessary.

The complaints from various tech companies (who Rogers himself admits makes up a huge part of our economy) is not about their "next quarter" of European profits, but about the very idea that he and his friends have more or less convinced the rest of the world that American internet companies are not trustworthy. That's not about next quarter's profits, it's about violating the privacy of everyone around the globe -- for no actual benefit.

So, in the end, we see what hypocritical views Rogers has. It's shameful and unpatriotic for Silicon Valley to be concerned about the privacy rights of their users, because that might lead to an attack on national security, and that attack on national security might harm the profits of Silicon Valley and (more importantly) Wall Street, and any attack on profits is unpatriotic (except, apparently, the profits he wanted them to give up first). Confused? Don't be. What Rogers is really saying is he doesn't give a shit, so long as the NSA gets to violate everyone's privacy, and he'll make any ridiculous argument to keep that happening. And, of course, to keep it secret, because if you don't know about it, he still thinks your privacy hasn't been violated.

Permalink | Comments | Email This Story
]]>because-mike-rogers-is-a-hypocritehttps://www.techdirt.com/comment_rss.php?sid=20140613/07480127565Thu, 15 May 2014 07:38:00 PDTDOJ Says Americans Have No 4th Amendment Protections At All When They Communicate With ForeignersMike Masnickhttps://www.techdirt.com/articles/20140514/17240227239/doj-says-americans-have-no-4th-amendment-protections-all-when-they-communicate-with-foreigners.shtml
https://www.techdirt.com/articles/20140514/17240227239/doj-says-americans-have-no-4th-amendment-protections-all-when-they-communicate-with-foreigners.shtmlquestioned if it's really true that the 4th Amendment doesn't apply to foreigners (the Amendment refers to "people" not "citizens"). But in some new filings by the DOJ, the US government appears to take its "no 4th Amendment protections for foreigners" to absurd new levels. It says, quite clearly, that because foreigners have no 4th Amendment protections it means that any Americans lose their 4th Amendment protections when communicating with foreigners. They're using a very twisted understanding of the (already troubling) third party doctrine to do this. As you may recall, after lying to the Supreme Court, the Justice Department said that it would start informing defendants if warrantless collection of information under Section 702 of the FISA Amendments Act (FAA) was used in the investigation against them.

The Supreme Court has long held that when one person voluntarily discloses information to another, the first person loses any cognizable interest under the Fourth Amendment in what the second person does with the information. . . . For Fourth Amendment purposes, the same principle applies whether the recipient intentionally makes the information public or stores it in a place subject to a government search. Thus, once a non-U.S. person located outside the United States receives information, the sender loses any cognizable Fourth Amendment rights with respect to that information. That is true even if the sender is a U.S. person protected by the Fourth Amendment, because he assumes the risk that the foreign recipient will give the information to others, leave the information freely accessible to others, or that the U.S. government (or a foreign government) will obtain the information.

This argument is questionable on so many levels. First, it's already relying on the questionable third party doctrine, but it seems to go much further, by then arguing that merely providing information to a foreign person means that it's okay for the US government to snoop on it without a warrant. The DOJ further defends this by saying, effectively, that foreign governments might snoop on it as well, so that makes it okay:

Moreover, any expectation of privacy of defendant in his electronic communications with a non-U.S. person overseas is also diminished by the prospect that his foreign correspondent could be a target for surveillance by foreign governments or private entities.

With this, it appears the DOJ is trying to attack the idea of the reasonable expectation of privacy that has been the basis of the 4th Amendment in the US. They're effectively arguing that since foreign governments might look at the info too, you should have no expectation of privacy in any communications with foreigners and thus you've waived all 4th Amendment protections in that content.

That's crazy.

In fact, they flat out admit that they're stripping Americans of any 4th Amendment rights with this claim, noting that communicating with foreigners means you've likely "eliminated" your 4th Amendment protections.

The privacy rights of US persons in international communications are significantly diminished, if not completely eliminated, when those communications have been transmitted to or obtained from non-US persons located outside the United States.

The implications of this argument, if upheld by the court is staggering. It would seem to fly in the face of basic logic and historical 4th Amendment law, all discussing how it's the expectation of privacy that matters. And I'm fairly certain that most of us who regularly communicate with folks outside the US have quite a reasonable expectation of privacy in such communications (though, to be fair, I've been much more actively using encryption when talking to people outside the US lately).

As Jameel Jaffer of the ACLU points out, this eviscerates basic Constitutional protections for many Americans:

The government's argument is not simply that the NSA has broad authority to monitor Americans' international communications. The US government is arguing that the NSA's authority is unlimited in this respect. If the government is right, nothing in the Constitution bars the NSA from monitoring a phone call between a journalist in New York City and his source in London. For that matter, nothing bars the NSA from monitoring every call and email between Americans in the United States and their non-American friends, relatives, and colleagues overseas.

In the government's view, there is no need to ask whether the 2008 law violates Americans' privacy rights, because in this context Americans have no rights to be violated.

I'm curious if anyone wants to defend this as a reasonable interpretation of the 4th Amendment, because it seems quite clearly a complete bastardization of what the 4th Amendment says and how courts have interpreted it over the years.

Permalink | Comments | Email This Story
]]>expectation of privacy?https://www.techdirt.com/comment_rss.php?sid=20140514/17240227239Wed, 14 May 2014 15:19:31 PDTLooks Like Sprint Did Challenge FISC Order For Call Data, Asked If It Was SeriousMike Masnickhttps://www.techdirt.com/articles/20140514/14302427235/looks-like-sprint-did-challenge-fisc-order-call-data-asked-if-it-was-serious.shtml
https://www.techdirt.com/articles/20140514/14302427235/looks-like-sprint-did-challenge-fisc-order-call-data-asked-if-it-was-serious.shtmlfinally released a heavily redacted version of its attempt to justify the NSA's use of Section 215 of the PATRIOT Act to sweep up phone records on every phone call. It's noteworthy that this was the first time that the FISC had ever bothered to actually detail why it believed the program was legal, despite approving such bulk collection orders for years. In that ruling last fall (which had been written last July), one of the things that FISC Judge Claire Eagan stated was:

To date, no holder of records who has received an Order to produce bulk telephony metadata has challenged the legality of such an Order. Indeed, no recipient of any Section 215 Order has challenged the legality of such an Order, despite the explicit statutory mechanism for doing so.

We found that to be fairly disappointing that no company had stepped up to challenge these orders. In fact, we noted just last month that an unnamed phone company was the first to challenge the records -- but it turns out that's not true. In fact, it turns out that what Eagan claimed in her ruling isn't true either.

In some newly declassified documents from the Director of National Intelligence, it's revealed that Sprint challenged the order, and basically forced the government to reveal the actual legal basis for the request. Sprint isn't named in the declassified legal filing, but people have confirmed that that's who it was.

The actual filing is a "Motion for Amended Secondary Order" from the DOJ, in which it's pretty clear that Sprint basically asked the government "are you fucking serious? you want us to hand over everything?" The motion from the DOJ is basically asking the FISA Court to repeat its original order with a legalese version of "yes, we're serious." As Julian Sanchez points out, it seems pretty clear that Sprint basically went back to the government and said could you repeat that, so that we actually know this is for real?

The Washington Post further claims that Sprint had a legal challenge drafted and ready to go, but was eventually persuaded by the DOJ and/or FISC not to go that far. Still, the idea that no one had questioned the legality of these orders doesn't appear to be accurate. Yes, we could have hoped that Sprint would have gone to greater lengths, but as we were just discussing this morning, the government puts immense pressure (often in the form of lies) on anyone who dares to challenge its ability to spy on everyone.

Permalink | Comments | Email This Story
]]>um...are-you-for-real?https://www.techdirt.com/comment_rss.php?sid=20140514/14302427235Mon, 5 May 2014 14:18:58 PDTCompeting NSA Reform Bills Suddenly Lurch Forward In CongressMike Masnickhttps://www.techdirt.com/articles/20140505/12492827130/competing-nsa-reform-bills-suddenly-lurch-forward-congress.shtml
https://www.techdirt.com/articles/20140505/12492827130/competing-nsa-reform-bills-suddenly-lurch-forward-congress.shtmlmarkup of the USA FREEDOM Act on Wednesday, complete with a Manager's Amendment from bill author Rep. Jim Sensenbrenner. If you don't recall, the USA FREEDOM Act was the best bet for real NSA reforms. It was far from perfect, but did actually do a lot of good things without adding a bunch of bad things. The amended version scales that back a bit. It's not as good, but it's still pretty good. Harley Geiger, over at CDT has a good overview of the Manager's Amendment, and how it actually improves the bill in certain areas, while Marcy Wheeler highlights both the good and bad of the amendment.

Of course, within just a few minutes of the Judiciary Committee announcing its plans to move forward with the USA FREEDOM Act, the House Intelligence Committee announced that it would hold its own damn markup on the competing "NSA reform" bill from Reps. Mike Rogers and Dutch Ruppersberger, which is designed to look like a shot at NSA reform, but which really would make it easier for the NSA to collect info on people. That bill, called the FISA Transparency and Modernization Act (almost none of that is true), is basically the NSA's prime choice for pretending to be reform.

This sets up a bit of an upcoming fight -- assuming that both markups lead to bills getting voted out of committee -- to see which bill House Speaker John Boehner is willing to bring to the floor. Basically, Boehner gets to make the final decision on NSA reform at this stage. Will he bring the real reform bill or the fake one?

Permalink | Comments | Email This Story
]]>well this might get interestinghttps://www.techdirt.com/comment_rss.php?sid=20140505/12492827130Fri, 11 Apr 2014 03:51:12 PDTDOJ Updates FISA Court On Its Bulk Record Data Retention, Glosses Over Earlier MisconductTim Cushinghttps://www.techdirt.com/articles/20140410/17343226874/doj-updates-fisa-court-its-bulk-record-data-retention-glosses-over-earlier-misconduct.shtml
https://www.techdirt.com/articles/20140410/17343226874/doj-updates-fisa-court-its-bulk-record-data-retention-glosses-over-earlier-misconduct.shtml
The DOJ, via its Deputy Assistant Attorney General, has sent a memo to FISC Judge Reggie Walton, informing him of just how compliant the agency has been during the last couple of months as conflicting orders over the retention of bulk record data went flying as a result of multiple BR-related lawsuits.

The DOJ, speaking for the NSA and FBI (who actually collect the collections), went from one court to the other (the Northern District Court of California and the FISA Court), trying to figure out whether it would be destroying aged-off data or holding onto it. It was hard to discern which route the DOJ preferred to take, but FISA Judge Walton managed to sniff out the agency's true intentions, calling them out for not only failing to inform the FISA court of standing retention orders but also attempting to talk the involved plaintiffs from passing this information along to the involved courts.

Given these actions, it would appear the DOJ preferred to dump the data rather than have it actually appear in court as evidence. But Judge Walton, along with the district court, prevented that. The DOJ's letter to Judge Walton conveniently glosses over its misconduct, instead portraying the agency as a conscientious party doing the best it could under the circumstances.

The DOJ's letter notes that it managed to restrain itself from destroying any aged-off data while waiting for the conflicting orders to be settled (March 5 - March 12), which means the BR data still has a chance to be used in court. According to the letter, this retained data is being held separately from the rest of the bulk collections, which means it can't be accessed by analysts searching the metadata. Supposedly, the NSA will only be allowed to peek in on the retained data to verify it's all still present and accounted for.

While this sort of hi-gloss portrayal is to be expected from an agency that probably still believes it did nothing wrong, it's rather audacious of the DOJ to attempt to pass this narrative off to the same judge that called it out for misleading the FISA court and attempting to bury plaintiffs' concerns.

Permalink | Comments | Email This Story
]]>see-how-GREAT-we-are-at-STUFF!https://www.techdirt.com/comment_rss.php?sid=20140410/17343226874Thu, 3 Apr 2014 13:55:00 PDTDOJ Flips Out That Evidence Gathered Via FISA Orders Might Be Made Available To DefendantsMike Masnickhttps://www.techdirt.com/articles/20140402/12194426777/doj-flips-out-that-evidence-gathered-via-fisa-orders-might-be-made-available-to-defendants.shtml
https://www.techdirt.com/articles/20140402/12194426777/doj-flips-out-that-evidence-gathered-via-fisa-orders-might-be-made-available-to-defendants.shtmlhome grown plots. Even before the whole Snowden situation broke, late in 2012 when the Senate was "debating" (and I use that term loosely) the renewal of the FISA Amendments Act (which created Section 702, the key piece of the PRISM program), Senator Dianne Feinstein strongly fought for the renewal... using Daoud's case as an example of where Section 702 was a key component in stopping terrorism -- saying that it was necessary in "a plot to bomb a downtown Chicago bar." That describes the Daoud case, if by "plot" you mean Daoud and a bunch of undercover FBI agents creating a plan that was never actually going to happen.

Feinstein's admission that the FISA Amendments Act was used in the Daoud case took his lawyers by surprise, since none of the evidence they'd been shown involved that. His lawyers then asked for access to the evidence that was obtained via the FAA. After the Snowden revelations (including how information obtained via FISA is often "laundered" to various law enforcement agencies to keep it out of court), his lawyers got even more aggressive. While their initial shot failed, in January, Judge Sharon Coleman decided that, assuming (as claimed) Daoud's lawyer had security clearance, he should be able to see the FISA related materials. As she noted:

While this Court is mindful of the fact that no court has ever allowed disclosure of FISA
materials to the defense, in this case, the Court finds that the disclosure may be necessary. This
finding is not made lightly, and follows a thorough and careful review of the FISA application
and related materials. The Court finds however that an accurate determination of the legality of
the surveillance is best made in this case as part of an adversarial proceeding. The adversarial
process is the bedrock of effective assistance of counsel protected by the Sixth Amendment.... Indeed, though this Court is capable of making
such a determination, the adversarial process is integral to safeguarding the rights of all citizens,
including those charged with a crime. “The right to the effective assistance of counsel is thus the
right of the accused to require the prosecution’s case to survive the crucible of meaningful
adversarial testing.”

But a court’s preference for the adversarial process—a circumstance
that exists in all litigation—cannot serve as a basis for declaring that
disclosure of FISA materials is “necessary to make an accurate determination
of the legality of the surveillance” under the statute. Congress envisioned
that FISA litigation be handled ex parte, in camera, with disclosure the rare
exception.... Yet
the district court’s reasoning would turn that regime on its head. A court
could always say that an adversarial proceeding would be the “best” way to
determine the legality of the FISA collection. To compel disclosure on that
basis would trivialize FISA’s necessity standard and work a sea change in
FISA litigation.

Right. How dare anyone think that it might be reasonable or sensible for courts to make sure that lawyers representing clients who were involved in plots created by the FBI actually get to see the secret evidence that the FBI got via a FISA court order? Why, due process might break out! And we're the US government. Can't have that!

Furthermore, the DOJ is positive that the courts simply don't understand the security issues, and the judge shouldn't worry about such things, because the smart people in the executive branch can decide for themselves which classified surveillance efforts are appropriate to reveal:

The district court also misjudged the damage to national security that
could result from disclosing the FISA applications and orders, even to cleared
defense counsel under a protective order, as substantiated by declarations
from the Attorney General of the United States and the Acting Assistant
Director of the FBI for Counterterrorism. A “need-to-know” must exist before
classified information may be disclosed, even to those who possess a security
clearance, and that essential prerequisite is present only where disclosure to
defense counsel is “necessary” for a court to adjudicate the legality of the
FISA collection.

When viewed under the correct “necessity” standard, nothing about the
challenged FISA collection justifies the district court’s outlier decision. As the
classified record makes clear, the ex parte process that the statute provides
readily permits an accurate determination that the FISA collection was
lawful, and the defendant’s allegations to the contrary are unfounded. A court
reviewing the applications would have no difficulty determining that they established probable cause to believe the target was an agent of a foreign power and that a significant purpose of the collection was to obtain foreign intelligence information.

This all seems... completely bogus. But what makes it especially bogus is that after it came out that the Solicitor General, Donald Verrilli made false statements to the Supreme Court about whether or not defendants in such cases would be told about evidence collected via the FISA process, the DOJ promised that it would start letting defendants know when the FISA process was used in the investigation. Yet, what the DOJ's response here shows, is that even when that's the case, the DOJ will do everything possible to keep the details of what was done via FISA (and whether or not it was legal or appropriate) out of the case.

Permalink | Comments | Email This Story
]]>of-course-they-dohttps://www.techdirt.com/comment_rss.php?sid=20140402/12194426777Thu, 27 Mar 2014 08:50:00 PDTObama Still Asking FISA Court To Renew Bulk Phone CollectionMike Masnickhttps://www.techdirt.com/articles/20140327/07013326704/obama-still-asking-fisa-court-to-renew-bulk-phone-collection.shtml
https://www.techdirt.com/articles/20140327/07013326704/obama-still-asking-fisa-court-to-renew-bulk-phone-collection.shtmlannounced his willingness to really end the bulk collection of phone records under Section 215 of the Patriot Act, Senator Patrick Leahy pointed out that the easiest way to do that was to simply not ask the FISA Court to renew that authority this Friday when it expired. The NY Times editorial board picked up that ball and ran with it, publishing an editorial saying that if the President wants us to believe he's serious about ending bulk phone surveillance he should end the program on Friday.

No such luck.

While plenty of people are still waiting for the actual "legislative package" the administration claims it's putting together to accomplish its plan to end bulk phone record collection (but not other bulk collections), the White House has now released a "fact sheet" about its plans that concludes at the bottom by saying that the President has still asked the DOJ to renew the authority:

Legislation will be needed to implement the President’s proposal. The Administration has been in consultation with congressional leadership and members of the Intelligence and Judiciary Committees on this important issue throughout the last year, and we look forward to continuing to work with Congress to pass a bill that achieves the goals the President has put forward. Given that this legislation will not be in place by March 28 and given the importance of maintaining the capabilities in question, the President has directed DOJ to seek from the FISC a 90-day reauthorization of the existing program, which includes the substantial modifications in effect since February.

There are still numerous questions raised by the President's proposal, and it really seems entirely focused on just one problematic aspect of the NSA's surveillance capabilities. Yes, it's the part that has received the most attention, and yes it's the part that also has been shown to have never actually been useful. But this proposal seems a lot more focused on pre-empting much more comprehensive legislation like the USA Freedom Act. Furthermore, the fact that the President still refuses to just kill off the program while waiting for Congress to act suggests this is all for show. Tossing this on Congress is a great way for the President to pretend to do something while knowing nothing will actually happen.

Permalink | Comments | Email This Story
]]>becausehttps://www.techdirt.com/comment_rss.php?sid=20140327/07013326704Wed, 12 Mar 2014 09:16:00 PDTNew Snowden Docs Reveal How The FISA Court Reinterpreted The Law -- And Its Own Role -- In Total SecrecyMike Masnickhttps://www.techdirt.com/articles/20140311/17562426536/new-snowden-docs-reveal-how-fisa-court-reinterpreted-law-its-own-role-total-secrecy.shtml
https://www.techdirt.com/articles/20140311/17562426536/new-snowden-docs-reveal-how-fisa-court-reinterpreted-law-its-own-role-total-secrecy.shtmlFISA Court (FISC) for quite some time, though a lot more often in the wake of the Ed Snowden revelations, seeing as it repeatedly approved these programs to spy on everyone. As has been noted in the past, the FISC was never supposed to be interpreting (or re-interpreting) the law. It was really just supposed to be about having judges (in secret) approving or disapproving requests from law enforcement to get warrants to spy on people. This is a perfectly reasonable role for a secret court. But things went seriously awry when it started trying to interpret the law, and to approve sweeping programs that effectively allowed the intelligence community to spy on everyone.

The NY Times has an in-depth look at how FISC reinterpreted both the law and its own role in near total secrecy, in the wake of September 11th. Reporters Charlie Savage and Laura Poitras (one of Snowden's first press contacts) use some previously unrevealed documents, including key FISC rulings, to explain what happened. The article focuses on the so-called "Raw Take" order -- docket 02-431 -- which removed restrictions that had been placed on the intelligence community regarding sharing information about Americans. The ruling came on July 22nd, 2002, while the country was still reeling from the September 11, 2001 attacks.

The Raw Take order appears to have been the first substantial demonstration of the court’s willingness after Sept. 11 to reinterpret the law to expand government powers. N.S.A. officials included it as one of three court rulings on an internal timeline of key developments in surveillance law from 1972 to 2010, deeming it a historic event alongside once-secret 2004 and 2006 rulings on bulk email and call data.

While the 9/11 Commission certainly did later find that a big problem in not uncovering the plot before it took place was the failure of the agencies in the intelligence community to share information with each other, this ruling seems to be a key point in having FISC go beyond merely giving the thumbs up or thumbs down to warrant requests and start interpreting the law, and doing so in a way that secretly (and massively) expanded the power of the intelligence community. From there, it was apparently off to the races, and other expansionist rulings followed:

The newly disclosed documents also refer to a decision by the court called Large Content FISA, a term that has not been publicly revealed before. Several current and former officials, speaking on the condition of anonymity, said Large Content FISA referred to sweeping but short-lived orders issued on Jan. 10, 2007, that authorized the Bush administration to continue its warrantless wiretapping program.

The fact that the FISC is clearly reinterpreting law -- such that a secret law is developed which clearly contradicts the public's (and many politicians') understanding of the law -- is on display:

But the orders are also mentioned in a classified draft of an N.S.A. inspector general report that Mr. Snowden disclosed, which calls them “Foreign Content” and “Domestic Content” orders. The report cites a legal theory that reinterpreted a key word in the original FISA — the “facility” against which the court may authorize spying because a terrorism suspect is using it.

Facilities had meant phone numbers or email addresses, but a judge accepted an argument that they could instead be the gateways connecting the American communications network to the world, because Qaeda militants were probably among the countless people using those switches. Privacy protections would be applied afterward, the report said.

The article also notes that the "Raw Take" report made it easier for the intelligence community to share information on Americans (information it's not really supposed to have, for the most part) with foreign nations:

The Raw Take order, back in 2002, also relaxed limits on sharing private information about Americans with foreign governments. The bar was higher for sharing with outsiders: Raw information was not provided, and even information deemed relevant about a terrorism issue required special approval.

Under procedures described in a 1984 report, only the attorney general could authorize such dissemination. But on Aug. 20, 2002, Attorney General John Ashcroft, citing the recent order, secretly issued new procedures allowing the N.S.A. to provide information to foreign governments without his clearance.

Also, the new documents reveal that despite Keith Alexander and others insisting that only a limited number of specially trained analysts could access the massive data collections, within the NSA it was widely known that the controls were not that strong and violations were likely to occur:

Access within the N.S.A. to raw FISA information was initially limited to its headquarters at Fort Meade, Md. But in 2006, the N.S.A. expanded sharing to specialists at its code-breaking centers in Hawaii, Texas and Georgia. Only those trained would obtain access, but a review demonstrated that wider sharing had already increased risks. A document noted that the agency was mixing two types of FISA information, each subject to different court-imposed rules, along with other records, and “it is possible that there are already FISA violations resulting from the way data has been stored in these databases.”

The sharing of raw information continued to expand after the enactment of the FISA Amendments Act. On Sept. 4, 2008, the court issued a lengthy opinion, which remains secret but was cited in another opinion that has been declassified, approving minimization rules for the new law. A video explaining the new rules to N.S.A. employees noted that “C.I.A. and F.B.I. can have access to unminimized data in many circumstances.”

While the revelations from the past few months had already exposed the basic concept of what was happening (the FISC going way beyond what most people thought it was there for, using pretzel logic to interpret laws into saying things that they clearly didn't say), this new report provides an insightful timeline and a peek into some of the key decisions, and how the NSA used those rulings to massively expand its ability to spy on Americans with near total secrecy.

If Congress is serious about fixing the NSA mess (and by no means do I think it is), one place to start would be to bring the FISC back down to its original mandate, and stop it from reinterpreting the law in secret. America is not supposed to have secret laws, but thanks to the FISC, we do.

Permalink | Comments | Email This Story
]]>and-against-the-public-interesthttps://www.techdirt.com/comment_rss.php?sid=20140311/17562426536Mon, 10 Mar 2014 05:05:00 PDTFISA Court Shuts Down DOJ's Attempt To Hold Onto Section 215 Metadata IndefinitelyTim Cushinghttps://www.techdirt.com/articles/20140307/16401426487/fisa-court-shuts-down-dojs-attempt-to-hold-onto-section-215-metadata-indefinitely.shtml
https://www.techdirt.com/articles/20140307/16401426487/fisa-court-shuts-down-dojs-attempt-to-hold-onto-section-215-metadata-indefinitely.shtml
As we recently covered, the DOJ asked the FISA court to extend the disposal deadline of phone metadata from the usual five years to an indefinite period of time, supposedly in order to preserve evidence it might need to present in lawsuits filed against the government. (Not that the DOJ has any intention of ever turning this information over, no longer how long the NSA holds onto it…) Somewhat surprisingly, (outgoing) FISC judge Reggie Walton has turned the DOJ's request down.

The DOJ contended it had a "duty" to preserve evidence -- a duty that supposedly superseded the destruction requirements of the metadata collection. Judge Walton calls the DOJ out for this claim ("the Court rejects this premise"), but more damningly, calls bullshit on the DOJ's citations.

The government cites three cases in support of its position: Inc. v. So, 271.R.D. 13 (S.D.N.Y. 2010), Richard Green (Fine Paintings) v. McClendon, 262 F.R.D. 284 (S.D.N.Y. 2009), and Zubulake v. UBS Warburg LLC, 229 F.R.D. 422 (S.D.N.Y. 2004). Although the destruction of electronic records was an issue in all three cases, R.F.M.A.S. at 40; at 287-88; Zubulake at 434, none of these cases involved a conflict between a litigant's duty to preserve electronic records and a statute or regulation that required their destruction. They merely demonstrate that, when triggered, a civil litigant's duty to preserve relevant evidence includes electronic records and that duty trumps a corporate document destruction policy. The Court has not found any case law supporting the government's broad assertion that its duty to preserve supersedes statutory or regulatory requirements.

So, that's the DOJ's "legal basis" for the indefinite retention of bulk metadata: preservation of evidence statutes governing private entities. It somehow hoped to treat the FISA court as nothing more than a regulatory speed bump rather than the fine line between national security and outright civil liberty abuse. The FISA court points out that what it's asking for is much more significant than it seems to realize. As Walton reminded the NSA in one of his earlier court orders, without the minimization procedures in place, the Section 215 collection would be unconstitutional.

In other words, nearly all of the call detail records collected pertain to communications of non-U.S. persons who are not the subject of an FBI investigation to obtain foreign intelligence information, are communications of US. persons who are not the subject of an FBI investigation to protect against international terrorism or clandestine intelligence activities, and are data that otherwise could not be legally captured in bulk by the government.

These are the same call records the DOJ wants to hold indefinitely, and its only justifications aren't even relevant to the data in question, as Judge Walton points out:

In sharp contrast with the document retention policies of corporations, the restrictions on retention of United States person information embodied in FISA minimization procedures are the means by which Congress has chosen to protect the privacy interests of United States persons when they are impacted by certain forms of intelligence gathering.

Walton points out the danger of granting the DOJ this extension, saying doing so would "significantly increase" the chance of the retained metadata being improperly used or disseminated. There is little doubt the NSA would have enjoyed an indefinite extension on the destruction data, given the "collect it all" proclivities of its various directors. But the DOJ's argument is ultimately empty.

The argument is also highly suspect. As noted in our earlier story, the DOJ made no similar effort to retain data pertaining to a 2008 lawsuit with the EFF -- data which would have been disposed of in 2013. This data likely wouldn't have helped the DOJ, or at the very least, would have resulted in a long legal battle to keep it hidden.

With that in mind (and being naturally cynical), it's tempting to view the DOJ's weak effort to hold onto the data as a deliberate ploy to help it keep this metadata from ever appearing in court. Having this granted would have been a small win for the NSA, which could then hold onto data presumably forever. But old data isn't nearly as useful as fresh data, as the NSA knows. The bigger win would be the disposal of data related to lawsuits. The FISA court shooting down this request means that, if the NSA/DOJ buy enough time, the metadata will never appear in court.

The government seems to be dealing itself a lot of winning hands in the ongoing NSA debacle, leaving the surveilled public damned with both do's and don'ts.

Permalink | Comments | Email This Story
]]>not-much-'justice'-over-at-the-DOJhttps://www.techdirt.com/comment_rss.php?sid=20140307/16401426487Thu, 27 Feb 2014 13:36:00 PSTDOJ Asks To Hang Onto Bulk Collections Longer, Citing Need To 'Preserve' Evidence It Has No Intention Of Presenting In CourtTim Cushinghttps://www.techdirt.com/articles/20140227/08464126374/doj-asks-to-hang-onto-bulk-collections-longer-citing-need-to-preserve-evidence-it-has-no-intention-presenting-court.shtml
https://www.techdirt.com/articles/20140227/08464126374/doj-asks-to-hang-onto-bulk-collections-longer-citing-need-to-preserve-evidence-it-has-no-intention-presenting-court.shtml
The DOJ is asking the courts to extend the amount of time it can hold onto bulk metadata records. The use-by date is normally five years, but the DOJ wants more time. It's stated reason for the request is to prevent spoliation of evidence that might be needed in the several lawsuits filed against the government since the exposure of the NSA's bulk collection programs.

Some things to note: the DOJ is asking for the first FISA order of 2014 to be amended to remove the 5-year expiration date, which seems to indicate that the amendment won't affect anything previously collected. The storage limit has been five years since at least 2006, so what the DOJ is asking for is for data to be held indefinitely, for an indefinite period going forward.

Obviously, this carves a rather large hole in the NSA's (already minimal) minimization procedures. The DOJ claims the retained data will be reserved for "non-analytic" purposes, but I don't really see how the it can make that assertion, considering the NSA, at this point, still collects and stores it. Searches could be limited to five years from date of search, but this presumes a lot of an agency run by people who routinely "explore the edges of the box." (Granted, historical data tends to become less useful the older it gets, but there are hardly any limits placed on the NSA's collection abilities, so it's really not a good idea to let the government start stripping these few stipulations away.)

What's absolutely disgusting about this request is the fact that the DOJ has no interest in allowing these records to be admitted as evidence. In fact, the DOJ has already withheld this information from several defendants, effectively preventing them from discovering where the government obtained the evidence being used against them. The DOJ is talking a good game about due process, etc., but its track record shows it's willing to keep this information hidden for as long as possible.

Before the leaks, the DOJ didn't even have to acknowledge it used these programs to gather evidence against defendants. Before the leaks, other national law enforcement and investigative agencies were given this evidence and instructed to construct a paper trail to cover up the origins. The DOJ can't really get away with this anymore, but that won't stop it from pretending national security concerns outweigh a defendant's need to know what evidence is being used and how it was derived. And that's not even addressing those already imprisoned using evidence the DOJ actively hid from defendants, as Marcy Wheeler at emptywheel points out.

Of course, it was only 24 hours ago when DOJ was last caught violating that principle in Section 702, abrogating a defendant’s right to know where the evidence against him came from. And there are a whole slew of criminal defendants — most now imprisoned — whose 702 notice DOJ is still sitting on, whose rights DOJ felt perfectly entitled to similarly abrogate (we know this because back in June FBI was bragging about how many of them there were). So I am … surprised to hear DOJ suggest it gives a goddamn about criminal defendants' rights, because for at least the last 7 years it has been shirking precisely that duty as it pertains to FISA.

Wheeler also notes that the DOJ may be pretending to be concerned about the lawsuits it's currently facing, but it expressed no similar concern in the years before Snowden's leaks exposed the NSA's programs.

[A]s EFF's Cindy Cohn pointed out to the WSJ, Judge Vaughn Walker issued a retention order in EFF’s 2008 suit against the dragnet.

"Ms. Cohn also questioned why the government was only now considering this move, even though the EFF filed a lawsuit over NSA data collection in 2008.

In that case, a judge ordered evidence preserved related to claims brought by AT&T customers. What the government is considering now is far broader."

At that point, the DOJ has no problem letting evidence against the NSA expire, but now it wants an indefinite extension to records going forward, using the pretense that it cares about due process as leverage. The NSA wins either way. Longer retention means more access to the collection, on or off the books. And it knows the incredibly misnamed Dept. of Justice will do its best to keep collected surveillance data out of the harsh judicial sunlight.

Permalink | Comments | Email This Story
]]>deck-stacking-at-its-finesthttps://www.techdirt.com/comment_rss.php?sid=20140227/08464126374Mon, 24 Feb 2014 11:04:00 PSTEric Holder Officially Signs New Rules To Protect Journalists... But Fine Print Shows They're MeaninglessMike Masnickhttps://www.techdirt.com/articles/20140223/22430526327/eric-holder-officially-signs-new-rules-to-protect-journalists-fine-print-shows-theyre-meaningless.shtml
https://www.techdirt.com/articles/20140223/22430526327/eric-holder-officially-signs-new-rules-to-protect-journalists-fine-print-shows-theyre-meaningless.shtmlco-conspirator in order to get his records -- Attorney General Eric Holder promised new rules that would be marginally more respectful of protecting journalists. While recent reports have suggested that these new guidelines were considered official policy in the DOJ for the past few months, last week they were officially signed by Holder.

As expected, the rules do suggest a slight nod towards respecting the privacy of journalists who are engaged in "ordinary news-gathering activities" but leaves open plenty of loopholes. The biggest, by far, is noted by Marcy Wheeler, who points out that the new rules don't cover FISA warrants or National Security letters. In other words, the DOJ can still make use of the massively abused process of national security letters (NSLs) to go on fishing expeditions against journalists. As Wheeler notes, this means that the new guidelines are "worth approximately shit in any leak -- that is, counterintelligence -- investigation."

The whole thing is a joke, but the problem is that the idea of a free and open press is the punchline.

Permalink | Comments | Email This Story
]]>that's-a-mighty-big-loophole-you've-got-therehttps://www.techdirt.com/comment_rss.php?sid=20140223/22430526327Mon, 10 Feb 2014 16:03:00 PSTNew FISA Court Appointees Are A Pro-Government Prosecutor And An Unknown QuantityTim Cushinghttps://www.techdirt.com/articles/20140207/15060326140/new-fisa-court-appointees-are-pro-government-prosecutor-unknown-quantity.shtml
https://www.techdirt.com/articles/20140207/15060326140/new-fisa-court-appointees-are-pro-government-prosecutor-unknown-quantity.shtml
Back in June of last year, as the Snowden leaks first began rolling out, we covered a Reuters story that helped explain exactly how the FISA court had become so compliant in its relationship with the NSA. Part of the problem was the appointees, selected by Supreme Court Chief Justice John Roberts, which were overwhelmingly Republican.

12 of the current 14 judges are Republicans and most were appointed by Republican presidents. The conservative majority naturally lent itself to George W. Bush's newly-minted, post-9/11 War on Terror. That so little consideration has been given to the American public's concerns is unsurprising, what with a slate of judges composed of prosecutors and enablers of questionable government behavior. The two newest faces, despite both being originally appointed to the bench by Democrat presidents, may do very little to change the overall makeup of the court.

Seattle-based 9th U.S. Circuit Court of Appeals Judge Richard Tallman joined the court of review for a term that started last month. Democratic President Bill Clinton appointed Tallman, a Republican, as a federal appeals court judge in 2000.

A former federal prosecutor, Tallman joined the 9th Circuit as part of a deal between Clinton and Republican senators. Tallman has developed a reputation as a smart, hard working judge who frequently sides with the government in criminal cases, said Rory Little, a Hastings College of the Law professor who regularly argues before the court.

"He certainly does not express suspicion of governmental action very often," Little said.

Tallman's appointment doesn't appear to address the "rubber stamp" problem. As you may remember from another post here at Techdirt, Judge Richard Tallman was one of four judges who dissented from the majority opinion which found that warrantless access to hotel and motel guest records by the LAPD was unconstitutional. His major objection was that the decision presumed the worst about the police department, while he was more inclined to presume the best.

The ordinance does not claim to alter the LAPD's constitutional responsibility to adhere to Fourth Amendment safeguards when making any demand for information," Tallman's dissent states. "We cannot presume that police have violated the Fourth Amendment without any facts with which to make that determination."

The major flaw in Tallman's argument is that the city's ordinance, as written, makes no requirement that the LAPD consider the constitutional implications of accessing the records without warrants. Instead, it merely granted them carte blanche access while simultaneously hitting motel/hotel owners with criminal charges if they challenged the LAPD's access.

Judging from his dissent, Tallman is a perfect fit for the NSA, which prefers its access to information warrantless, on demand and in bulk.

The other appointee, Judge James E. Boasberg, is a bit of a tougher read. On one hand, back in 2012, he shot down Judicial Watch's FOIA request for the Bin Laden death photos, ruling that national security interests outweighed the public interest. On the other hand, he denied the DOJ's attempt to withhold documents related to "Standard Operating Procedure 303," (the government's ability to deactivate wireless networks in case of emergency) which EPIC sought after San Francisco police shut down protestors' cellphone communications.

Boasberg will fill Judge Reggie Walton's seat, one of the only FISC judges to confront the NSA on its bad habits, sloppy collection techniques and deliberate misrepresentation of its efforts. With his limited track record in related areas, Boasberg could go either way. He's pushed back against the government before, and with some First Amendment trench experience, may be more amenable to considering constitutional implications.

This duo of government-company-man and a relatively unknown quantity isn't exactly the most heartening set of appointees, but if nothing else, it may indicate the Chief Justice John Roberts may be feeling the heat for packing the court with pro-government prosecutors and Republicans.

Permalink | Comments | Email This Story
]]>change:-the-slowest-and-most-unstable-elementhttps://www.techdirt.com/comment_rss.php?sid=20140207/15060326140Fri, 7 Feb 2014 03:25:50 PSTFISA Court Agrees To Changes That Limit NSA's Ability To Query Phone RecordsMike Masnickhttps://www.techdirt.com/articles/20140206/17522626124/fisa-court-agrees-to-changes-that-limit-nsas-ability-to-query-phone-records.shtml
https://www.techdirt.com/articles/20140206/17522626124/fisa-court-agrees-to-changes-that-limit-nsas-ability-to-query-phone-records.shtmldisappointed by President Obama's speech concerning his plans for reforming surveillance efforts, there were a few significant suggestions, with the most major one being a limit from being able to explore "3 hops" down to "2 hops." That might not sound that big, but it is a pretty big limitation when you dig into the math. Furthermore, he said that there should be a court reviewing each request to query the phone records database. He left open a pretty big loophole, saying that this judicial review could be skipped in a "true emergency," but it's still something.

In response, the Justice Department actually went to the FISA Court and filed a motion to revise the current order approving the telephone records collection (under Section 215 of the PATRIOT Act, sometimes called the "bulk metadata" program), to change it to put in place these restrictions. The FISA Court has now approved that request, and will release a (possibly redacted) version of the order within the next week and a half or so.

This is a small change, but it is still a meaningful change that creates both more oversight and greater limits on how this data can be used. It's a small step in the right direction.